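Abstract
Current distributed intrusion detection systems suffer from single points of failure, high network bandwidth consumption, and poor scalability. To address these shortcomings, this paper proposes a distributed intrusion detection system model based on mobile agents. The system uses mobile agents as independent detection entities for the various kinds of intrusion; they travel to the host monitor agents to collect data, then aggregate and correlate it. This reduces the volume of data transferred, distributes the computation, and improves the system's scalability. The paper focuses on the mechanisms for detecting failures of system components and recovering from them automatically, which make the system more stable and reliable. Analysis of the experimental results shows that this architecture substantially reduces bandwidth consumption, is easy to extend to new attacks, and allows failed agents to recover automatically and accurately.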
Currently, distributed intrusion detection models have impediments such as single points of failure, overloading of parts of the network, and lack of scalability. In this paper, a mobile agent-based distributed system is proposed. The new model uses a set of software entities called mobile agents that can move from one node to another within a network and perform the task of aggregating and correlating the intrusion-related data they receive from another set of software entities called host monitor agents. It reduces network bandwidth usage by moving the data analysis computation to the location of the intrusion data, and offers more flexibility. In addition, the paper discusses in particular how to enhance the stability and reliability of this system through self-recovery from internal failures. Based on analysis and experimental values, it concludes that this system can reduce network bandwidth usage, easily add agents for new attacks, and recover from internal failures by itself.
Source
Computer Technology and Development (《计算机技术与发展》)
2009, Issue 9, pp. 132-135 (4 pages)
Keywords
intrusion detection
mobile agents
network security
distributed systems